
enyolanev-bit/Agentpay


AgentPay

Credit and spend control for AI agents, with an undo button.

AgentPay is a trust layer for AI-agent payments. It lets a human connect agents, set spending rules, audit every decision, and keep a short undo window before money moves. The first wedge is agents buying credits or paid capacity, such as inference credits, web-data credits, and browser automation hours. Mollie is the first payment rail; AgentPay is the policy, verification, reversibility, and audit layer above payment providers.

[Screenshot: AgentPay mobile undo wallet showing a clean reversible intent and a Codex-blocked suspicious intent]

Why

Autonomous agents can already write code, call APIs, and coordinate work. The next blocker is money. Giving an agent a card with no limits is not acceptable, but forcing every small action through manual checkout kills autonomy.

AgentPay closes that loop:

  • agents can request payments or credit top-ups;
  • deterministic code owns amounts, limits, and allowlists;
  • an adversarial verifier can block suspicious requests;
  • humans keep liability gates for high-risk actions;
  • reversible intents delay capture until the undo window expires or the human confirms.

Core Primitive

ReversiblePaymentIntent is the central object.

An agent can prepare a payment, but AgentPay keeps molliePaymentId:null until commit. The payment can be cancelled before capture, confirmed manually, or auto-committed after the undo window if policy and verifier both allow it.

{
  "type": "ReversiblePaymentIntent",
  "intentId": "pay-123",
  "status": "pending_reversible",
  "amount": "18.00",
  "currency": "EUR",
  "merchant": "Bookstore",
  "claim": "a book to help you grow",
  "molliePaymentId": null,
  "undoUrl": "http://localhost:3000/pay/pay-123/undo",
  "confirmUrl": "http://localhost:3000/pay/pay-123/confirm"
}
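
The lifecycle described above, as an added example that is not the project's flow.js: a minimal in-memory model showing that the provider call happens only at commit. Only the `pending_reversible` status and the `molliePaymentId` field come from the page; the other status names, the 60-second window, and the `capture` callback are assumptions.

```javascript
// Added example: hypothetical in-memory model, not AgentPay's flow.js.
// Only "pending_reversible" comes from the page; the other status names are assumed.
const UNDO_WINDOW_MS = 60_000; // assumed undo window

function createIntent(intentId, amountCents, now) {
  return {
    intentId,
    status: 'pending_reversible',
    amountCents,
    molliePaymentId: null, // stays null until commit
    undoDeadline: now + UNDO_WINDOW_MS,
  };
}

function requirePending(intent, action) {
  if (intent.status !== 'pending_reversible') {
    throw new Error(`cannot ${action} an intent in status ${intent.status}`);
  }
}

// capture() stands in for the provider call and is the only place money moves.
function commit(intent, capture) {
  requirePending(intent, 'commit'); // blocks double capture and commit-after-undo
  intent.molliePaymentId = capture(intent.amountCents);
  intent.status = 'committed';
  return intent;
}

function undo(intent) {
  requirePending(intent, 'undo');
  intent.status = 'cancelled';
  return intent;
}

// Called by a timer: commits only after the window, and only if both checks allow it.
function autoCommit(intent, now, checks, capture) {
  if (intent.status !== 'pending_reversible' || now < intent.undoDeadline) return intent;
  if (!checks.policyAllows || !checks.verifierAllows) {
    intent.status = 'held_for_human';
    return intent;
  }
  return commit(intent, capture);
}
```

If `capture` throws, the intent stays `pending_reversible` with a null payment id, so a retry or an undo is still possible.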

Safety Model

  1. The LLM never computes money. Amounts, provider prices, ceilings, and daily limits are deterministic code paths.
  2. Policy runs before payment. policy.js decides auto-approve, human approval, or reject.
  3. Verifier runs adversarially. verifier.js checks injection, merchant/claim mismatch, and anomalous requests. Codex can be used when available, with a heuristic fallback for demos.
  4. Money only moves at commit. Reversible intents do not call Mollie until confirm or auto-commit.
  5. Every step is audited. The audit trail records who asked, what was checked, why it passed or failed, and what moved.
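
Points 1 and 2 sketched as an added example, not the project's policy.js: amounts are parsed strictly into integer cents and a deterministic policy returns one of the three outcomes named above. The ceiling, daily limit, allowlist entries, decision strings, and reason codes are constructed for illustration.

```javascript
// Added example: hypothetical policy, not AgentPay's policy.js. All limits are constructed.
const POLICY = {
  autoApproveCeilingCents: 2000, // above this a human must approve
  dailyLimitCents: 5000,
  merchantAllowlist: ['Bookstore', 'OpenRouter'],
};

// Strict decimal-string parser: rejects numbers, exponents, signs, and missing
// cents so that no float arithmetic or model-formatted value reaches the ledger.
function toCents(amount) {
  if (typeof amount !== 'string' || !/^\d{1,7}\.\d{2}$/.test(amount)) {
    throw new Error('amount must be a string like "18.00"');
  }
  const [whole, frac] = amount.split('.');
  return Number(whole) * 100 + Number(frac);
}

function reject(reason) {
  return { decision: 'reject', reason };
}

// request: { amount, currency, merchant }; spentTodayCents comes from the ledger.
function decide(request, spentTodayCents, policy = POLICY) {
  let cents;
  try {
    cents = toCents(request.amount);
  } catch (err) {
    return reject('malformed_amount');
  }
  if (cents === 0) return reject('zero_amount');
  if (request.currency !== 'EUR') return reject('unsupported_currency');
  if (!policy.merchantAllowlist.includes(request.merchant)) {
    return reject('merchant_not_allowlisted');
  }
  if (spentTodayCents + cents > policy.dailyLimitCents) {
    return reject('daily_limit_exceeded');
  }
  if (cents > policy.autoApproveCeilingCents) {
    return { decision: 'human_approval', reason: 'above_auto_approve_ceiling', cents };
  }
  return { decision: 'auto_approve', reason: 'within_policy', cents };
}
```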

Quickstart

git clone https://github.com/enyolanev-bit/Agentpay.git
cd Agentpay
npm install
SIMULATE_PAYMENTS=1 VERIFIER_MODE=heuristic npm run dev

Open:

  • http://localhost:3000/m for the mobile undo wallet;
  • http://localhost:3000 for the dashboard;
  • http://localhost:3000/credits for the credit top-up demo;
  • http://localhost:3000/audit for the audit trail;
  • http://localhost:3000/task for the live agent demo;
  • http://localhost:3000/earn for the agent revenue demo.

Run the full demo:

./demo.sh

JavaScript SDK

import { AgentPayClient } from 'agentpay';

const agentpay = new AgentPayClient({
  baseUrl: 'http://localhost:3000',
  agentToken: process.env.AGENTPAY_AGENT_TOKEN,
});

const intent = await agentpay.createReversibleIntent({
  amount: '18.00',
  merchant: 'Bookstore',
  description: 'a book for personal growth',
  idempotencyKey: 'agent-run-123',
});

console.log(intent.molliePaymentId); // null until commit

SDK docs: sdk/README.md. Runnable example: examples/node-agent/agent.js.

Agent API

Full reference: docs/API.md.

Create a reversible payment intent:

curl -X POST http://localhost:3000/agent/pay-reversible \
  -H "Authorization: Bearer <AGENT_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": "18.00",
    "currency": "EUR",
    "merchant": "Bookstore",
    "description": "a book for personal growth",
    "claim": "a book to help the user grow"
  }'

Create a deterministic credit top-up intent where the agent chooses only the provider and AgentPay owns amount, merchant, claim, policy, undo, and audit:

curl -X POST http://localhost:3000/agent/credit-topup \
  -H "Authorization: Bearer <AGENT_TOKEN>" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: agent-run-123:openrouter" \
  -d '{"provider":"openrouter"}'

Cancel before capture:

curl -X POST http://localhost:3000/pay/<INTENT_ID>/undo

Confirm immediately:

curl -X POST http://localhost:3000/pay/<INTENT_ID>/confirm

Agent-to-agent payment:

curl -X POST http://localhost:3000/agent/pay-agent \
  -H "Authorization: Bearer <PAYER_AGENT_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{"payee":"@data-provider","amount":"2.50","service":"Lead enrichment"}'

MCP Direction

AgentPay exposes the same trust layer through MCP so agents can request payment permissions naturally:

  • agentpay.create_reversible_intent
  • agentpay.list_pending_intents
  • agentpay.undo_intent
  • agentpay.confirm_intent
  • agentpay.get_allowance
  • agentpay.get_audit_events

The API remains the stable backend interface. MCP sits above it for agent runtimes and local assistants.

Run it with npm run mcp. Details: docs/MCP.md.

Project Map

File                     Role
server.js                Express routes, UI, API, webhooks, demo endpoints.
store.js                 In-memory accounts, agents, policies, payments, audit. Money is stored in integer cents.
policy.js                Deterministic spending guardrail.
verifier.js              Adversarial verifier using Codex or heuristic fallback.
flow.js                  Payment orchestration and state transitions.
mollie.js                Mollie customer, mandate, payment, and webhook helpers.
views.js                 Dashboard, mobile undo wallet, marketplace, audit UI.
tasks.js / provider.js   Live agent and A2A demo flow.
test/                    Policy and reversible-payment invariant tests.

Environment

For local demos:

SIMULATE_PAYMENTS=1
VERIFIER_MODE=heuristic
DECIDER_MODE=fallback
PORT=3000
AGENTPAY_DATA_FILE=data/agentpay.json

For Mollie test mode:

MOLLIE_API_KEY=test_...
BASE_URL=https://your-ngrok-url.ngrok-free.app

Do not use live Mollie keys unless you explicitly intend to move real money.

Business Model

AgentPay should stay open source at the core: protocol, SDK, MCP surface, deterministic policy, verifier fallback, and demo.

The revenue wedge is agent-driven spend. If AI agents browse, choose vendors, buy data, buy tools, or pay other agents, teams need a control layer before those agents can touch money. AgentPay sells that layer: budgets, approvals, reversible intents, audit, and provider settlement.

The paid product is AgentPay Cloud:

  • durable ledger and signed audit trail;
  • reliable webhooks, retries, idempotency, monitoring;
  • team dashboard, seats, environments, allowances;
  • advanced policies and risk controls;
  • PSP connectors beyond Mollie;
  • compliance exports and support.

See docs/OPEN_SOURCE_BUSINESS.md.

Roadmap: docs/ROADMAP.md.

Public launch kit: docs/PUBLIC_LAUNCH_KIT.md.

Pilot business experiment: docs/PILOT_BUSINESS_EXPERIMENT.md and docs/PILOT_PROSPECT_TRACKER.md.

First 100 EUR plan: docs/FIRST_100_EUR_PLAN.md.

First 100 EUR outreach drafts: docs/FIRST_100_EUR_OUTREACH_DRAFTS.md.

Deployment readiness: docs/DEPLOYMENT_READINESS.md.

Agent.ai listing draft: docs/AGENT_AI_LISTING_DRAFT.md.

AP operating model: docs/AP_OPERATING_MODEL.md.

Social channel protocol: docs/SOCIAL_CHANNEL_PROTOCOL.md.

Status

This is an early MVP. It is useful for demos, prototypes, and design exploration. Local JSON persistence is available for MVP durability. Before production use, AgentPay needs a SQL storage adapter, stronger auth, PSP error handling, hosted webhooks, observability, and a production security review.

Contributing and Security

License

MIT. See LICENSE.

About

Apple Pay for AI agents, with an undo button.
